Real world security
It's always easy to talk about how great new security innovations are which are currently included in things like the kernel, glibc, and gcc. The real test of these technologies isn't how many articles are written about how neat they are, it's real world examples. I found two of these examples this week.
SELinux blocks a Mambo exploit
In this example, we see that SELinux prevented a worm from spreading. This was the result of SELinux sandboxing the httpd process. There are a great many people who suggest the best way to run SELinux is to disable it. I suspect this article proves that SELinux works, and should be used.
Stack Protector blocked an rsync off by one error.
CVE-2007-4091 describes an off by one error in which a stack buffer ends up writing a single NULL byte ('\0') past the end of the character array. The location of this buffer could possibly result in an attacker taking over program execution. Stack Protector contains logic which places a "canary" on the stack which is then checked to ensure that nothing fishy is going on. The canary completely nullifies the potential to exploit this flaw.
